Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Windows Sensor: All Supported Versions
- Carbon Black Cloud MacOS Sensor: All Supported Versions
- Carbon Black Cloud Linux Sensor: Version 2.13 and Later
Objective
How to Quarantine a Device from the Carbon Black Cloud Console?
Resolution
Devices can be quarantined from the Endpoints page or the Investigate Page
Endpoints Page
- Search for the device to be quarantined\unquarantined
- Select the checkbox to the left of the device to be quarantined
- Select "Take Action"
- From the drop down choose "Quarantine devices" to quarantine a device or "Unquarantine devices" to take a device out of quarantine
- A popup box will appear with the following message:
Quarantine device
Are you sure you want to:
o Quarantine\Unquarantine the x selected devices
o Quarantine\Unquarantine all x devices matching the search
Yes or Cancel
- Select "Quarantine the x selected devices" to quarantine only the device selected. If "Quarantine all x devices matching the search" is selected then all devices currently displayed in the Endpoint page will be quarantined.
- Select "Yes" to complete the quarantine\unquarantine request
- When the the device has received the request to quarantine\unquarantine, the device status will update accordingly
Investigate Page
Does not apply to ThreatHunter
- Search for the device to be quarantined\unquarantined
- Select the Device tab
- Select "Take Action"
- From the drop down choose "Quarantine devices" to quarantine a device or "Unquarantine devices" to take a device out of quarantine
- A popup box will appear with the following message:
Quarantine Device
Are you sure you want to quarantine device [device name]
Request Quarantine or Cancel
- Select "Request Quarantine" or "Request Unquarantine" to complete the quarantine\unquarantine request
- When the the device has received the request to quarantine\unquarantine, the device status will update accordingly
Related Content